5

I used Emacs to encrypt a text file with a symmetric key. When decrypting the file, the program pinentry opens a window for password entry. I accidentally clicked the checkbox for "save in password manager" and then pressed the Enter key (no password). Apparently the empty password was stored, and now I'm no longer prompted for a password when opening the file. Instead I get the following error message:

gpg: AES encrypted data
gpg: gcry_kdf_derive failed: Invalid data
gpg: encrypted with 1 passphrase
gpg: decryption failed: No secret key

I get this message when opening the file in Emacs but also when I use gpg2 -d the_file.gpg.

How can I remove the empty password and restore the password prompt?

Things that I already tried (unsuccessfully):

  • reboot,
  • kill gpg-agent,
  • kill gnome-keyring-daemon,
  • remove the key using seahorse (didn't work because seahorse didn't list the key)

I'm using Xubuntu 16.04.

tmalsburg
  • 151

1 Answer

1

Ubuntu 16.04 and derivatives currently come with GPG 2.1.11, which cannot be used without an agent. Moreover, since 2.1, the agent socket file is fixed to ${GPG_HOMEDIR}/S.gpg-agent. The reason I'm saying this is because I don't know exactly how gpg-agent and gnome-keyring battle for acting as agents by owning that file, but only one can own it at any one time.

The fact there was a check box for saving the password suggests you weren't using pinentry via gpg-agent, but Seahorse via gnome-keyring. I suggest reading the "Managing Passwords" section, and trying to find the bad association (empty pass for that specific file) that way.

Since you mentioned looking for a key in Seahorse: if you are using symmetric encryption, the password will not be associated with any GPG encryption key. (I find GPG to be lacking in that respect, details here.)